struct ssl_attr *ssl_attr = &csp->ssl_client_attr;
/* Paths to certificates file and key file */
char *key_file = NULL;
- char *ca_file = NULL;
char *cert_file = NULL;
int ret = 0;
SSL *ssl;
/*
* Preparing paths to certificates files and key file
*/
- ca_file = csp->config->ca_cert_file;
cert_file = make_certs_path(csp->config->certificate_directory,
(const char *)csp->http->hash_of_host_hex, CERT_FILE_TYPE);
key_file = make_certs_path(csp->config->certificate_directory,
goto exit;
}
+ if (csp->config->cipher_list != NULL)
+ {
+ if (!SSL_set_cipher_list(ssl, csp->config->cipher_list))
+ {
+ log_ssl_errors(LOG_LEVEL_ERROR,
+ "Setting the cipher list '%s' for the client connection failed",
+ csp->config->cipher_list);
+ ret = -1;
+ goto exit;
+ }
+ }
+
/*
* Handshake with client
*/
goto exit;
}
+ if (csp->config->cipher_list != NULL)
+ {
+ if (!SSL_set_cipher_list(ssl, csp->config->cipher_list))
+ {
+ log_ssl_errors(LOG_LEVEL_ERROR,
+ "Setting the cipher list '%s' for the server connection failed",
+ csp->config->cipher_list);
+ ret = -1;
+ goto exit;
+ }
+ }
+
/*
* Set the hostname to check against the received server certificate
*/
}
}
+ if (file_exists(cert_opt.output_file) == 0 &&
+ file_exists(cert_opt.subject_key) == 1)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "A website key already exists but there's no matching certificate. "
+ "Removing %s before creating a new key and certificate.",
+ cert_opt.subject_key);
+ if (unlink(cert_opt.subject_key))
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E",
+ cert_opt.subject_key);
+
+ freez(cert_opt.output_file);
+ freez(cert_opt.subject_key);
+
+ return -1;
+ }
+ }
+
/*
* Create key for requested host
*/
projects / privoxy.git / blobdiff